Cybersecurity researchers have uncovered a widespread scam targeting TikTok Shop users through phishing, fake ads, and malware, aiming to steal credentials and distribute trojanized apps. The campaign, named FraudOnTok, uses lookalike domains, AI-generated influencer content, and fake storefronts to lure users into downloading malware or making cryptocurrency payments. #ClickTok #SparkKitty #FraudOnTok
Keypoints
- The FraudOnTok campaign targets TikTok Shop users worldwide with phishing and malware tactics.
- Over 15,000 lookalike domains mimic legitimate TikTok URLs and host malicious phishing pages.
- Fake ads and AI-generated content deceive users into downloading trojanized apps and sharing cryptocurrency.
- The embedded malware SparkKitty can harvest device data, screenshots, and wallet seed phrases.
- Other campaigns, such as CyberHeist Phish and Meta Mirage, also exploit social media and banking sites for credential theft.
Read More: https://thehackernews.com/2025/08/15000-fake-tiktok-shop-domains-deliver.html
update,
change in the campaign name from “ClickTok” to “FraudOnTok
https://www.ctm360.com/reports/fraudontok-tiktok-shop-scam-report